Due to recent changes in the automobile industry, the share of electronic and electric components of a vehicle (hereinafter collectively referred to as ‘electronic parts’) among the various parts and systems of the vehicle has been increasing, and the importance of vehicle software has also been increasing. In addition, communication between electronic control units (ECUs) based on a distributed network in a vehicle may enable the provision of various functions and services. Thus, greater emphasis has been placed on the importance of vehicular functional safety, and an international standard on designing a vehicle based on vehicular functional safety, for example, ISO 26262, was established. Vehicular functional safety is applied to increase product reliability by decreasing the failure rate of electronic parts of a vehicle, to increase safety for a driver through failure diagnosis and a safety mechanism, to increase the availability of a vehicle through a product design process and a maintenance and repair system, and the like.
Further, using information and communication technology, a vehicle may evolve to provide various services through communication between parts in the vehicle, vehicle-to-infrastructure (V2I) communication, vehicle-to-vehicle (V2V) communication, and communication between the vehicle and a smartphone of a driver. In addition, the introduction of network communication for a vehicle and for the parts and components of the vehicle may enable vehicle platooning and autonomous vehicle traveling, in which interest has recently been increasing.
However, such an increase in the share of electronic parts and software, and the provision of services through communication connectivity, may also increase security risk. For example, when an intentional error or failure occurs in an electronic part or software of a vehicle due to a security attack or threat, the availability and safety ensured by functional safety may be compromised.
However, ISO 26262 may analyze only a risk based on a system design error and a random failure, and may not consider a risk from a security attack, for example, a risk of a malfunction of a vehicle and vehicle parts caused by malicious code or hacking.